WASHINGTON — The chief of the military’s newly created Cyber Command told Congress on Tuesday that he is establishing 13 teams of programmers and computer experts who could carry out offensive cyberattacks on foreign nations if the United States were hit with a major attack on its own networks, the first time the Obama administration has publicly admitted to developing such weapons for use in wartime.

“I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Gen. Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”

General Alexander’s testimony came on the same day the nation’s top intelligence official, James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.

On Monday, Thomas E. Donilon, the national security adviser, demanded that Chinese authorities investigate such attacks and enter talks about new rules governing behavior in cyberspace.

General Alexander has been a major architect of the American strategy on this issue, but until Tuesday he almost always talked about it in defensive terms. He has usually deflected questions about America’s offensive capability, and turned them into discussions of how to defend against mounting computer espionage from China and Russia, and the possibility of crippling attacks on utilities, cellphone networks and other infrastructure. He was also a crucial player in the one major computer attack the United States is known to have sponsored in recent years, aimed at Iran’s nuclear enrichment plants. He did not discuss that highly classified operation during his open testimony.

Mr. Clapper, the director of national intelligence, told the Senate Intelligence Committee that American spy agencies saw only a “remote chance” in the next two years of a major computer attack on the United States, which he defined as an operation that “would result in long-term, wide-scale disruption of services, such as a regional power outage.”

Mr. Clapper appeared with the heads of several other intelligence agencies, including Lt. Gen. Michael T. Flynn of the Defense Intelligence Agency, the F.B.I. director Robert S. Mueller III, and the C.I.A. director John O. Brennan, to present their annual assessment of the threats facing the nation. It was the first time that Mr. Clapper listed cyberattacks first in his presentation to Congress, and the rare occasion since the Sept. 11, 2001, attacks that intelligence officials did not list international terrorism first in the catalog of dangers facing the United States.

“In some cases,” Mr. Clapper said in his testimony, “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” He said it was unlikely that Russia and China would launch “devastating” cyberattacks against the United States in the near future, but he said foreign spy services had already hacked the computer networks of government agencies, businesses and private companies.

Two specific attacks Mr. Clapper listed, an August 2012 attack against the Saudi oil company Aramco and attacks on American banks and stock exchanges last year, are believed by American intelligence officials to have been the work of Iran.

General Alexander picked up on the same themes in his testimony, saying that he was adding 40 cyber teams, 13 focused on offense and 27 on training and surveillance. When pressed, he said that the best defense hinged on being able to monitor incoming traffic to the United States through private “Internet service providers,” which could alert the government, in the milliseconds that electronic messages move, about potentially dangerous attacks. Such surveillance is bound to raise more debate with privacy advocates, who fear government monitoring of the origin and the addressing data on most e-mail messages and other computer exchanges.

Traditional threats occupied much of Mr. Clapper’s testimony. American intelligence officials are giving new emphasis to the danger posed by North Korea’s nuclear weapons and missile programs, which are said for the first time to “pose a serious threat to the United States” as well as to its East Asian neighbors. North Korea, which recently made a series of belligerent statements after its third nuclear test, has displayed an intercontinental missile that can be moved by road and in December launched a satellite atop a Taepodong-2 launch vehicle, Mr. Clapper’s prepared statement noted.

“The rhetoric, while it is propaganda laced, is also an indicator of their attitude and perhaps their intent,” Mr. Clapper said during one exchange with a lawmaker, adding that he was concerned that North Korea “could initiate a provocative action against the South.”

In his discussion of terrorism, Mr. Clapper noted that while Al Qaeda’s core in Pakistan “is probably unable to carry out complex, large-scale attacks in the West,” spinoffs still posed a threat. Listed first is the affiliate in Yemen, Al Qaeda in the Arabian Peninsula, which Mr. Clapper said had retained its goal of attacks on United States soil, but he also noted militant groups in six other countries that still threaten local violence.

Mr. Clapper began his remarks by criticizing policy makers for the current budget impasse, saying that the budget cuts known as sequestration will force American spy agencies to make sharp reductions in classified programs and to furlough employees. The classified intelligence budget has ballooned over the past decade, and Mr. Clapper compared the current round of cuts to the period during the 1990s when the end of the cold war led to drastic reductions in the C.I.A.’s budget.

“Unlike more directly observable sequestration impacts, like shorter hours at public parks or longer security lines at airports, the degradation of intelligence will be insidious,” Mr. Clapper said. “It will be gradual and almost invisible unless and until, of course, we have an intelligence failure.”

The threat hearing is the only scheduled occasion each year when the spy chiefs present open testimony to Congress about the dangers facing the United States, and Mr. Clapper did not hide the fact that he is opposed to the annual ritual. President Obama devoted part of his State of the Union address to a pledge of greater transparency with the Congress and the American public, but Mr. Clapper, a 71-year-old retired Air Force general, made it clear that he saw few benefits of more public disclosure.

“An open hearing on intelligence matters is something of a contradiction in terms,” he said.

Although significant in its own right, the PLA’s apparent involvement in cyber espionage has broader implications. In particular, the allegations against Unit 61398 and other recent developments highlight the emerging great game in cyberspace across the Asia-Pacific—as well as the growing link between competition in cyberspace and traditional geopolitics.

The interconnected nature of the Internet has allowed cyber espionage to impose economic costs that are historically unique, creating enormous pressures for states and other organizations to respond. In the case of the United States, gauging the cost of cyber espionage to the economy is difficult. Although intelligence reviews point out that estimates range from $2 billion to $400 billion each year, NSA Director General Keith Alexander has said that cyber theft of economic information represents “the greatest transfer of wealth in human history.”

Moreover, these economic cybersecurity challenges originate disproportionately from the Asia-Pacific, the emerging global power center and increasing focal point of American security policy. A 2012 report by the Internet firm Akamai alleges that 51 percent of cybersecurity breaches worldwide originate in the Asia-Pacific, with one third of global totals originating from China.

A draft cybersecurity bill circulating among House Judiciary Committee members would stiffen a computer hacking law used to bring charges against Internet activist Aaron Swartz.

The bill draft would tighten penalties for cyber crimes and establish a standard for when companies would have to notify consumers that their personal data has been hacked, according to a copy obtained by The Hill.

It would also change existing law so that an attempt at a cyber crime can be punished as harshly as an actual offense.

Such measures could spark concern among advocates outraged over the death of Swartz, the 26-year-old Internet activist and computer programmer who killed himself earlier this year while facing a possible 35-year prison term for hacking. Advocates have called on Congress to make changes to what they say is a draconian law that led to too harsh a prosecution of Swartz.

"As Washington fiddles, the vulnerability of U.S. infrastructure, private and public devices and networks grows. The U.S. has no clear, coordinated and effective policy to mitigate the complex threat. The public has no idea how vulnerable they (sic) are (sic), and are (sic) left out of the debate." Time approx. 90 minutes

A recent survey from Lieberman Software reveals that more than 80% of IT security professionals believe that corporate employees deliberately ignore security rules issued by the IT department.

The survey, which looked at the attitudes of nearly 250 IT security professionals, also discovered that more than half of those who think that workers deliberately ignore IT security directives do not believe end-users would listen more even if these mandates were issued by executive management.

These findings are despite the fact that more IT security professionals and vendors are insisting that in order to improve IT security within organizations, strategic guidance must be issued from the board level.

Commenting on the research, Philip Lieberman, CEO of Lieberman Software, said: “These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data – and potentially customer information – at risk. And these behaviors are continuing even after it has been proven that human error is the leading cause of data breaches. Organizations need to implement better cyber security training that properly instructs staff about the consequences of data breaches.

“IT groups must also look beyond conventional security products and invest in technology like privileged identity management (PIM),” continued Lieberman. “PIM products ensure that powerful privileged accounts found throughout the enterprise in large organizations are available only to authorized IT personnel with limited-time, audited access. This ensures that end-users are not able to accidentally or maliciously change configuration settings, access systems with sensitive data, or perform other actions that are not required of their jobs.”

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Should companies spend money on security awareness training for their employees? It's a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time and that the money can be spent better elsewhere. Moreover, I believe that our industry's focus on training serves to obscure greater failings in security design.

In order to understand my argument, it's useful to look at training's successes and failures. One area where it doesn't work very well is health. We are forever trying to train people to have healthier lifestyles: eat better, exercise more, whatever. And people are forever ignoring the lessons. One basic reason is psychological: We just aren't very good at trading off immediate gratification for long-term benefit. A healthier you is an abstract eventually; sitting in front of the television all afternoon with a McDonald's Super Monster Meal sounds really good right now.

Similarly, computer security is an abstract benefit that gets in the way of enjoying the Internet. Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy. No one reads through new privacy policies; it's much easier to just click "OK" and start chatting with your friends. In short: Security is never salient.

Another reason health training works poorly is that it’s hard to link behaviors with benefits. We can train anyone -- even laboratory rats -- with a simple reward mechanism: Push the button, get a food pellet. But with health, the connection is more abstract. If you’re unhealthy, then what caused it? It might have been something you did or didn’t do years ago. It might have been one of the dozen things you have been doing and not doing for months. Or it might have been the genes you were born with. Computer security is a lot like this, too.

Training laypeople in pharmacology also isn't very effective. We expect people to make all sorts of medical decisions at the drugstore, and they're not very good at it. Turns out that it's hard to teach expertise. We can't expect every mother to have the knowledge of a doctor, pharmacist, or RN, and we certainly can't expect her to become an expert when most of the advice she's exposed to comes from manufacturers' advertising. In computer security, too, a lot of advice comes from companies with products and services to sell.

One area of health that is a training success is HIV prevention. HIV may be very complicated, but the rules for preventing it are pretty simple. And aside from certain sub-Saharan countries, we have taught people a new model of their health and have dramatically changed their behavior. This is important: Most lay medical expertise stems from folk models of health. Similarly, people have folk models of computer security (PDF). Maybe they're right, and maybe they're wrong, but they're how people organize their thinking. This points to a possible way that computer security training can succeed. We should stop trying to teach expertise, pick a few simple metaphors of security, and train people to make decisions using those metaphors.

On the other hand, we still have trouble teaching people to wash their hands -- even though it’s easy, fairly effective, and simple to explain. Notice the difference, though. The risks of catching HIV are huge, and the cause of the security failure is obvious. The risks of not washing your hands are low, and it’s not easy to tie the resultant disease to a particular not-washing decision. Computer security is more like hand washing than HIV.

Another area where training works is driving. We trained, either through formal courses or one-on-one tutoring, and passed a government test to be allowed to drive a car. One reason that works is because driving is a near-term, really cool, obtainable goal. Another reason is even though the technology of driving has changed dramatically over the past century, that complexity has been largely hidden behind a fairly static interface. You might have learned to drive 30 years ago, but that knowledge is still relevant today.

On the other hand, password advice from 10 years ago isn't relevant today (PDF). Can I bank from my browser? Are PDFs safe? Are untrusted networks OK? Is JavaScript good or bad? Are my photos more secure in the cloud or on my own hard drive? The “interface” we use to interact with computers and the Internet changes all the time, along with best practices for computer security. This makes training a lot harder.

Food safety is my final example. We have a bunch of simple rules -- cooking temperatures for meat, expiration dates on refrigerated goods, the three-second rule for food being dropped on the floor -- that are mostly right, but often ignored. If we can’t get people to follow these rules, then what hope do we have for computer security training?

To those who think that training users in security is a good idea, I want to ask: "Have you ever met an actual user?" They're not experts, and we can’t expect them to become experts. The threats change constantly, the likelihood of failure is low, and there is enough complexity that it’s hard for people to understand how to connect their behaviors to eventual outcomes. So they turn to folk remedies that, while simple, don't really address the threats.

Even if we could invent an effective computer security training program, there's one last problem. HIV prevention training works because affecting what the average person does is valuable. Even if only half of the population practices safe sex, those actions dramatically reduce the spread of HIV. But computer security is often only as strong as the weakest link. If four-fifths of company employees learn to choose better passwords, or not to click on dodgy links, one-fifth still get it wrong and the bad guys still get in. As long as we build systems that are vulnerable to the worst case, raising the average case won't make them more secure.

The whole concept of security awareness training demonstrates how the computer industry has failed. We should be designing systems that won't let users choose lousy passwords and don't care what links a user clicks on. We should be designing systems that conform to their folk beliefs of security, rather than forcing them to learn new ones. Microsoft has a great rule about system messages that require the user to make a decision. They should be NEAT: necessary, explained, actionable, and tested. That's how we should be designing security interfaces. And we should be spending money on security training for developers. These are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system.

If we security engineers do our job right, then users will get their awareness training informally and organically from their colleagues and friends. People will learn the correct folk models of security and be able to make decisions using them. Then maybe an organization can spend an hour a year reminding their employees what good security means at that organization, both on the computer and off. That makes a whole lot more sense.

Bruce Schneier is chief security technology officer at BT, and the author of several security books as well as the Schneier On Security blog. Special to Dark Reading

Nearly 200 senior IBM executives are flying into Washington to press for the passage of a controversial cybersecurity bill that will come up for a vote in the House this week.

The IBM executives will pound the pavement on Capitol Hill Monday and Tuesday, holding nearly 300 meetings with lawmakers and staff. Over the course of those two days, their mission is to convince lawmakers to back a bill that’s intended to make it easier for industry and government to share information about cyber threats with each other in real time.

“The message we're going to give [lawmakers] is going to be a very simple, clear message: support the passage of CISPA,” he later added.

The Cyber Intelligence Sharing and Protection Act, or CISPA, by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), passed out of committee on an 18-2 vote last Wednesday and is expected to come to the floor for a vote as soon as mid-week.

While the bill enjoys strong backing from industry, privacy advocates warn the bill lacks sufficient protections for people’s information online. The White House issued a veto threat against the first iteration of CISPA last year, due in part to privacy concerns.

Despite the opposition, CISPA safely passed the House last year on a bipartisan vote—and IBM intends to make sure it does again this week.

The technology services company runs the information technology networks of major hospitals, banks and electric companies—key infrastructure that lawmakers and security officials warn are top targets for hostile actors to launch a cyberattack.

Big Blue is also the top recipient of U.S. patents and owns a trove of valuable intellectual property that would be enticing to probing hackers looking to siphon valuable proprietary information. A report published by computer security firm Mandiant this year concluded that an elite military unit of Chinese hackers has allegedly cracked into the computer systems of more than 100 U.S. companies and stolen intellectual property.

The company believes the best way to thwart a cyberattack is to encourage companies to share more data about malicious source code and other online threats with the government and their private-sector peers so they can take steps to address it, according to Padilla.

“It’s our experience that the most effective thing you can do when a cyberattack occurs is to share information quickly between government and industry and between industry actors in real time in order to find where the attack is coming from and to shut it down,” he said.

"The key really is when an attack happens—and they will happen—is detecting it, and shutting it down and preventing the loss of data as quickly as possible. That's a question of information and it's a question of speed," Padilla said. "And often, the government will have very timely and critical information that banks or telecommunications companies need to know that there is an attack. Other times, we detect it first and sharing [information] with the government could serve to warn others that there may be an attack."

But companies are currently hesitant to share information about cyber threats they spot on computer networks with the government because they fear it may put them at risk for being sued. CISPA would address that concern, Padilla said, by granting companies liability protection from lawsuits if they share threat information with the government, allowing firms to get the assistance and data they need faster.

If a cyberattack is launched against a key piece of infrastructure, “you don't want a bunch of lawyers sitting in a room arguing whether to tell the government,” he said. “You want there to be clear and established procedures. CISPA will help facilitate that.”

But the cyber information-sharing bill has rankled privacy advocates from Washington to Silicon Valley. One of their chief concerns with the bill is that it would allow companies to share threat information directly with the military, including the National Security Agency, without being required to take steps to remove personally identifiable information from that data. Privacy advocates warn that could lead to people's email and IP addresses, names, and other personal information being inadvertently passed on to the NSA without their knowledge.

The American Civil Liberties Union, Center for Democracy and Technology and Electronic Frontier Foundation argue that a civilian agency, namely the Homeland Security Department (DHS), should be the first recipient of cyber threat data from companies. DHS would then pass on that data to other government agencies and departments.

Privacy advocates argue that a civilian agency is subject to more oversight relative to the secretive spy agency.

Reps. Jan Schakowsky (D-Ill.) and Adam Schiff (D-Calif.) proposed a set of privacy-focused amendments during the markup of CISPA last week, which did not receive enough votes to be adopted into the bill. One of the amendments by Schakowsky would have ensured that DHS is the first recipient of threat data from companies and would relay that information to other agencies.

"I think if you're looking just to maximize efficiency and you don't care about anything else, then we should give the job to NSA. But we have a separation of civilian and military in this country when you're talking about domestic cyber information," Schiff said at a press conference after the House Intelligence panel's markup of CISPA. "If we wanted efficiency only, then we wouldn't have a Fourth Amendment."

CISPA would “shift the control of the cyber program from civilian hands to a secretive military agency," said Greg Nojeim, senior counsel for the Center for Democracy and Technology, last week. "It'll be very difficult for there to be any transparency or any accountability if that shift happens."

Padilla, however, says companies need to be able to share threat data directly with the NSA “because that’s where the expertise is.”

“It really is a simple matter. The expertise in the U.S. government on cybersecurity largely rests in one place, and that's the National Security Agency,” he said. “They tend to know the most, the soonest about cyber threats and I think, frankly, there is a certain amount of feeling in the business community that you should be able to work directly and share information directly with the agency that has the most expertise.”

He said that IBM is open to working with DHS and other civilian agencies on the company’s cybersecurity efforts, but it believes the NSA has the most expertise at this point.

“We don't have a bias. We just want to work with who's got the expertise,” Padilla said.

During their fly-in trip, the executives also plan to press lawmakers to pass comprehensive immigration reform, which would include measures aimed at raising the cap for H-1B visas for skilled workers and freeing up more green cards.

US Creating Cybersecurity Working Groups With Japan and China (April 14 & 15, 2013)

US Secretary of State John Kerry says that the US is creating working groups with Japan and China to address cybersecurity related issues. Because "some of the most serious cyber threats to businesses emanate from" the Asia Pacific Region, it is important to have countries there be part of the solution to the problem.

[Editor's Note (Pescatore): There are strong parallels between the US/USSR in the Cold War and "Mutually Assured Destruction" nuclear restraint strategies, and today's international cybersecurity issues. Having *both* diplomatic and military initiatives in the cyber area is important.

(Murray): China wants to control the content. (If one is running a single-party state, Facebook is more than a mere inconvenience.) The US wants to defend its fragile infrastructure. That said, both have an interest in an orderly Internet. Before we turn the Internet into a battlefield, we should at least try diplomacy to find mutually agreed state behavior, short of "war," that serves both interests.]

--EPIC Urges NIST to Draw Distinction between Cybercrime and Cyberterrorism (April 15, 2013)

The Electronic Privacy and Information Center (EPIC) wants the US National Institute of Standards and Technology (NIST) to make clear distinctions between cyber crime and cyber terrorism. NIST is developing a cybersecurity platform as part of the president's executive order on cybersecurity, and asked for public comments on the development of that platform. In its comments, EPIC notes that "the overwhelming majority of cybersecurity incidents do not fall within the 'national security' designation."

[Editor's Note (Pescatore): First: the horrible attacks at the Boston Marathon once again point out the schlockiness of the term "cyberterrorism." After each bombs and blood actual terrorist attack, from Oklahoma City in 1995 through the terrorist attacks against the US in September 2011, someone says "The next terror attack will be cyber" - - no, it will not. With that out the way, EPIC is dead on here. The cyber attack public relations focus shifted from cybercrime to China because that is a great way to go after funding and government budgets. The actual volume of attacks and likelihood of damage most companies face did *not* shift.

(Murray): Well, EPIC is right to take the opportunity of the NIST RFC to raise the issue. However, the problem is not limited to NIST. Most of the attacks in the Internet are motivated by things other than terror (e.g., economics). Those that are intended to terrorize represent a "national security" threat only to the extent that we react to them as the terrorists hope. Government policy that treats them all as "war" is not efficient and, at least arguably, is not effective. It is essential that we distinguish between existential threat and the human condition.

(McBride): This is a pivotal distinction that needs to be addressed. Having a set of predetermined criteria to judge between national security issues and non-national security issues would help the federal government provide appropriate support while maintaining civil liberties and conserving taxpayer resources. It would also encourage rather than discourage participation and innovation that comes from private sector cyber security firms. ]

--Chinese General Says Cyber Attacks Are Like Nuclear Bombs (April 22, 2013)

While rejecting claims that the Chinese military is behind cyberspying aimed at Western companies, the chief of staff of the People's Liberation Army, likened cyber attacks to nuclear bombs, saying "If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb."

[Editor's Note (Paller): Not so far fetched. When Gary Roughead was U.S. Chief of Naval Operations he told Tony Sager and Jim Lewis and me, "for the Navy, Cyber is more important now than nuclear." Sadly, the Navy's new leadership hasn't followed through on making the Navy a leader in cyberspace.]

U.S. Directly Blames China’s Military for Cyberattacks

By DAVID E. SANGER

Published: May 6, 2013

WASHINGTON — The Obama administration on Monday explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.”

While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in the Pentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the nearly 100-page report said.

The report, released Monday, described China’s primary goal as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into American policy makers’ thinking. It warned that the same information-gathering could easily be used for “building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

It was unclear why the administration chose the Pentagon report to make assertions that it has long declined to make at the White House. A White House official declined to say at what level the report was cleared. A senior defense official said “this was a thoroughly coordinated report,” but did not elaborate.

On Tuesday, a spokeswoman for the Chinese Ministry of Foreign Affairs, Hua Chunying, criticized the report.

“China has repeatedly said that we resolutely oppose all forms of hacker attacks,” she said. “We’re willing to carry out an even-tempered and constructive dialogue with the U.S. on the issue of Internet security. But we are firmly opposed to any groundless accusations and speculations, since they will only damage the cooperation efforts and atmosphere between the two sides to strengthen dialogue and cooperation.”

Missing from the Pentagon report was any acknowledgment of the similar abilities being developed in the United States, where billions of dollars are spent each year on cyberdefense and constructing increasingly sophisticated cyberweapons. Recently the director of the National Security Agency, Gen. Keith Alexander, who is also commander of the military’s fast-growing Cyber Command, told Congress that he was creating more than a dozen offensive cyberunits, designed to mount attacks, when necessary, at foreign computer networks.

When the United States mounted its cyberattacks on Iran’s nuclear facilities early in President Obama’s first term, Mr. Obama expressed concern to aides that China and other states might use the American operations to justify their own intrusions.

But the Pentagon report describes something far more sophisticated: A China that has now leapt into the first ranks of offensive cybertechnologies. It is investing in electronic warfare capabilities in an effort to blind American satellites and other space assets, and hopes to use electronic and traditional weapons systems to gradually push the United States military presence into the mid-Pacific nearly 2,000 miles from China’s coast.

The report argues that China’s first aircraft carrier, the Liaoning, commissioned last September, is the first of several carriers the country plans to deploy over the next 15 years. It said the carrier would not reach “operational effectiveness” for three or four years, but is already set to operate in the East and South China Seas, the site of China’s territorial disputes with several neighbors, including Japan, Indonesia, the Philippines and Vietnam. The report notes a new carrier base under construction in Yuchi.

The report also detailed China’s progress in developing its stealth aircraft, first tested in January 2011.

Three months ago the Obama administration would not officially confirm reports in The New York Times, based in large part on a detailed study by the computer security firm Mandiant, that identified P.L.A. Unit 61398 near Shanghai as the likely source of many of the biggest thefts of data from American companies and some government institutions.

Until Monday, the strongest critique of China came from Thomas E. Donilon, the president’s national security adviser, who said in a speech at the Asia Society in March that American companies were increasingly concerned about “cyberintrusions emanating from China on an unprecedented scale,” and that “the international community cannot tolerate such activity from any country.” He stopped short of blaming the Chinese government for the espionage.

But government officials said the overall issue of cyberintrusions would move to the center of the United States-China relationship, and it was raised on recent trips to Beijing by Treasury Secretary Jacob J. Lew and the chairman of the Joint Chiefs of Staff, Gen. Martin E. Dempsey.

To bolster its case, the report argues that cyberweapons have become integral to Chinese military strategy. It cites two major public works of military doctrine, “Science of Strategy” and “Science of Campaigns,” saying they identify “information warfare (I.W.) as integral to achieving information superiority and an effective means for countering a stronger foe.” But it notes that neither document “identifies the specific criteria for employing a computer network attack against an adversary,” though they “advocate developing capabilities to compete in this medium.”

It is a critique the Chinese could easily level at the United States, where the Pentagon has declined to describe the conditions under which it would use offensive cyberweapons. The Iran operation was considered a covert action, run by intelligence agencies, though many techniques used to manipulate Iran’s computer controllers would be common to a military program.

The Pentagon report also explicitly states that China’s investments in the United States aim to bolster its own military technology. “China continues to leverage foreign investments, commercial joint ventures, academic exchanges, the experience of repatriated Chinese students and researchers, and state-sponsored industrial and technical espionage to increase the level of technologies and expertise available to support military research, development and acquisition.”

But the report does not address how the Obama administration should deal with that problem in an economically interconnected world where the United States encourages those investments, and its own in China, to create jobs and deepen the relationship between the world’s No. 1 and No. 2 economies. Some experts have argued that the threat from China has been exaggerated. They point out that the Chinese government — unlike, say, Iran or North Korea — has such deep investments in the United States that it cannot afford to mount a crippling cyberstrike on the country.

The report estimates that China’s defense budget is $135 billion to $215 billion, a large range attributable in part to the opaqueness of Chinese budgeting. While the figure is huge in Asia, the top estimate would still be less than a third of what the United States spends every year.

Some of the report’s most interesting elements examine the debate inside China over whether this is a moment for the country to bide its time, focusing on internal challenges, or to directly challenge the United States and other powers in the Pacific.

But it said that “proponents of a more active and assertive Chinese role on the world stage” — a group whose members it did not name — “have suggested that China would be better served by a firm stance in the face of U.S. or other regional pressure.”

(May 10 & 13, 2013) According to a report from Reuters, the US government is the single largest buyer in the "gray market" of offensive hacking tools. While tools that exploit unknown vulnerabilities provide a tactical advantage, not disclosing the flaws leaves other organizations, including those in the US, vulnerable to attacks. Former high level cybersecurity officials have expressed concern about the situation. Former White House cybersecurity advisor Richard Clarke said, "If the US government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell US users." Howard Schmidt, also a former White House cybersecurity advisor, said, "It's pretty naive to believe that with a newly-discovered zero-day, you are the only one in the world that's discovered it." And former NSA director Michael Hayden said that although "there has been a traditional calculus between protecting your offensive capability and strengthening your defense, it might be time now to readdress that at an important policy level."

Paying the vulnerability purveyors for the malware also removes the incentive for talented hackers to inform software makers about the flaws.

[Editor's Note (Pescatore): Governments are the largest buyers of all offensive weapons and the US government (DoD/Intelligence plus national law enforcement) is usually the largest of the government buyers, so this is sort of a "drug companies are the biggest buyers of opiates" story.

(Assante): The main ramification of a thriving tools market is greater investment in vulnerability discovery and the development of more powerful tools to assemble and test exploits. 2006 is considered a turning point as the emerging underground tool market bred specialization and provided paths for money to cycle through the system. Monetization of hacking gains began to feed upstream tool developers and people willing to commit attacks became more reliant on tools that were purchased. Super buyers will certainly influence this market place, but they are only one category of participant - these markets are here to stay.]


This is so true. Business spying is rampant. There is some outrage when there is government spying. There is some outrage over international sovereign spying. But not enough about business/criminal spying. It has to be rampant on Wall Street. It has to be rampant in Wash DC. I can tell you it is rampant in the entertainment industry. I am not sure what can be done about it. Most people don't see it, are not big victims of it yet, or don't know. So they don't care or don't believe it. That is part of the problem. Then what to do with the progressively advancing technology all the while more and more of everything is connected. Thirdly one would have to assume people who are enforcing it are honest and not corruptible. Good luck.

The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s highly organized team of hackers — or at least urge them to become more subtle.

From BD: It is unclear to me why a more subtle cyberattack from China is better.

Since we are talking about warfare, blowing up the building might make an impact - just thinking aloud - or more realistically, shut down their internet until they understand our concern. We avoid bad choices by making the good ones work. Unless there is something effective happening behind the scenes, this is another case of our Commander in Chief not even voting present in his responsibilities.

If he went after enemies, terrorists and geopolitical rivals with the zest that he uses to attack the tea party, Rush Limbaugh and Fox News, they might think twice before messing with us.

Remember how Eisenhower backed up Britain, France, and Israel in 1956 from retaking the Suez Canal?

He threatened to sell the bonds of theirs which we held from WW2.

BO, committed to deficit spending, needs the Chinese to buy our debt. Currently, at negative real interest rates, we pay about $250-300B a year on interest on the national debt. If the Chinese dump our bonds and interest rates go up, our numbers get real dicey in a big hurry.

So he barks occasionally and does nothing.

In the meantime in a few years our interest payments to China will be paying for 100% of their military.


Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.

--NSA/CyberCom To Get Green Light Response to Cyber Attack (May 27, 2013) DoD is on the verge of approving new standing rules of engagement, rules that will for the first time authorize a U.S. response to cyber attacks. It's part of a general push to move more cyber warfare into the traditional military strategy and away from the often contentious realm of National Security Council debate. The new rules will empower commanders to counter direct cyberattacks with offensive efforts of their own - without White House approval.

US officials say that hackers operating on behalf of the Iranian government are targeting industrial control systems at US energy companies in an attempt to damage the country's critical infrastructure. Thus far, the attacks have focused on gathering intelligence about how the systems operate. Some US officials have posited that Stuxnet, the sophisticated malware attack that targeted centrifuges at an Iranian nuclear facility in 2010, pushed Iran to develop stronger cyberattack capabilities and to retaliate.


A new report says that the Chinese are hacking American computer networks at an alarming rate. This is hardly news. I've been including the phrase "早安，我抱歉有沒有在這封電子郵件中的商業秘密或加拿大色情。請停止殺害酷動物啄木鳥醫學。剛剛買了一些偉哥了" at the bottom of every e-mail for months (I put it just above where it says "Hello Mr. Holder!"). It means, according to Google translate: "Good Morning, I'm sorry there's no trade secrets or Canadian porn in this e-mail. Please stop killing cool animals for pecker medicine. Just buy some Viagra already."

What is new is the scope of the problem the report lays out. This is a thorny issue and I think the U.S. needs to be much, much more aggressive in combating it. Why it's not a bigger issue for the WTO, for instance, is baffling to me. They are stealing our stuff, which strikes me as a bigger deal than taxing it at the border.

Explaining to the Chinese leadership that they shouldn't be doing this because it's wrong is like explaining to a dog licking its nethers that what he's doing is bad manners: To the extent they understand at all, they couldn't care less. They respect power. They understand when you put a price on bad behavior. So we need to put a price on Chinese hacking. It's really that simple. The hard thing to figure out is how.

As I mentioned the other night on Special Report, the coolest idea on this score comes from Jeremy Rabkin. He wants the U.S. government to issue Letters of Marque to freelance squadrons of hackers and other cyber renegades.

Before the mid-nineteenth century, "privateers" were often commissioned to attack enemy ships. They were offered a percentage of what they could seize from enemy commerce. They were distinguished from mere pirates -- with whom they had obvious similarities -- by formal authorizations, so-called "letters of marque," issued by the sponsoring state.

Privateering was once a common feature of naval warfare, partly for reasons of economy: it allowed governments to extend their force at sea without the expense of maintaining large fleets. There were also diplomatic or strategic advantages.

Commissioning privateer attacks was a means of imposing harm on another state without committing to war. Thus the framers of the U.S. Constitution took care to specify that Congress had the power to "declare war" but also the power to "issue letters of marque," implying that the latter could proceed without the former. In interpreting this clause in an early case, the U.S. Supreme Court cited the treatise of the Swiss jurist Jean-Jacques Burlamaqui, who associated the practice with "imperfect war," in which some hostilities are permitted but the conflict remains more constrained than all-out war. In practice, letters of marque often were issued to those who had learned the craft of capturing prize at sea without any government authorization. Governments issuing authorization brought these raiders under more state control in return for offering them more state protection.

Comparisons between cyber warriors and pirates of old are not fanciful. Cyber crime is a pervasive aspect of today's Internet. Much like international drug dealers, cyber criminals have sought protective relations with sympathetic or accommodating governments. The so-called "Russian Business Network," active in a range of cyber crime activities, seems to have received protection and support from the Russian government. The Chinese government has openly encouraged private hackers and may well have enlisted organized groups to probe Western business and government networks -- and then take or sell what they can.

Without getting into the fine print, let me just say that is the most badass public-policy proposal I've heard in years. I want this to happen so badly! It's like a William Gibson novel meets Revenge of the Nerds. Gothy kids with inhalers, cubicle dwellers in chinos, the whole grand coalition of computer geeks can become . . . pirates! Oh, make this happen!

"Explaining to the Chinese leadership that they shouldn't be doing this because it's wrong is like explaining to a dog licking its nethers that what he's doing is bad manners: To the extent they understand at all, they couldn't care less. They respect power"

Exactly! The problem being that they know what Buraq is and hold him in utter, unmasked contempt.

What a perfect excuse to spy on Americans - it is all to keep us safe. The progressive machine took this ball and ran with it. Don't let any opportunity go to waste. For years I suspect the PC makers and the software people have embedded ways of hacking into one's machine. The excuse is they are cooperating with law enforcement to be able to track data. I don't trust these companies to not use it for their purposes any more than I trust Obama's organized crew is not using it for the political agenda. OK Obama let's have a mature conversation about this. First you and your crew need to go and we need all information on the table for people to see.

How can we have any legitimate conversation or public discussion of this with dishonest persons at the top not being transparent? Like Levin says this guy can look you right in the eye keep a straight sincere face and without flinching or remorse or guilt tell you lies all day long. So now Americans are supposed to discuss this in public?

And the media still covers as much as possible for him....

****NSA phone spying program FOILED plan to blow up New York City subway, claim under fire security officials

NSA domestic spying program foiled 2009 NYC subway bombing plot
• Government program credited by Rep. Mike Rogers, R-Mich., House Intelligence Committee head, with thwarting planned attack
• Alleged terrorist found out after emailing known Al-Qaeda leader in Pakistan for help making a bomb
• Attack stopped as a result of collaboration between US and British intelligence agencies

By Associated Press Reporter

PUBLISHED: 07:40 EST, 8 June 2013 | UPDATED: 21:54 EST, 8 June 2013

The government's broad programs to collect U.S. phone records and Internet traffic helped disrupt a 2009 plot to bomb the New York City subways, a senior U.S. intelligence official said.

But the assertion raises as many questions as it answers because court testimony indicated the subway plot investigation began with an email.

Over the past days, The Guardian newspaper and The Washington Post have revealed classified documents showing how the National Security Agency sweeps up phone records and Internet data in its hunt for terrorists. Those programs have come under criticism from civil libertarians and some in Congress who say they were too broad and collected too much about innocent Americans.

In one of those programs, the NSA collected daily records of millions of phone calls made and received by U.S. citizens not suspected of any wrongdoing.

On Thursday, Rep. Mike Rogers, R-Mich., who leads the House Intelligence Committee, credited that effort with thwarting a terrorism plot. But he did not elaborate.

The senior U.S. intelligence official who asserted Friday that the phone records program together with other technical intercepts thwarted the subway plot would not provide other details. The official was not authorized to discuss the plot publicly and requested anonymity.

Afghan-American Najibullah Zazi pleaded guilty in the 2009 plot, saying he had been recruited by al-Qaida in Pakistan.

The break in that case came, according to court documents and testimony, when Zazi emailed a Yahoo address seeking help with his bomb recipe.

At that time, British intelligence officials knew the Yahoo address was associated with an al-Qaida leader in Pakistan. That's because, according to British government documents released in 2010, officials had discovered it on the computer of a terror suspect there months earlier.

Because the NSA and British intelligence work so closely together and so little is known about how the NSA monitors email traffic, it's possible that both agencies were monitoring the Yahoo address at the time Zazi sent the critical email in 2009.

What's unclear, though, is how the phone program aided the investigation, which utilized court-authorized wiretaps of Zazi and his friends.

Based on what's known about the phone-records program, the NSA might have had an archive of all the phone calls Zazi had made, which might have helped authorities look for possible co-conspirators.

Because the phone program remains classified, however, it's impossible to say with certainty how the program benefited the investigation.

A National Security Agency whistleblower named Thomas Drake was indicted several years ago for providing information to the press on waste, fraud and bureaucratic dysfunction in the agency’s counterterrorism programs. The U.S. Department of Justice indicted Drake, an NSA senior executive, under the Espionage Act of 1917 for retaining allegedly classified information. Eventually, the felony charges against Drake were dropped, and he pled guilty to a misdemeanor, exceeding authorized use of a computer. Still, the DOJ’s strategy in that case may provide some clues as to what’s in store for Edward Snowden, a government contractor who exposed himself last weekend as the source for a widespread domestic communications story first reported by The Guardian. Drake spoke with Scientific American to shed some light on whistleblower prosecutions and the science behind surveillance. An edited transcript of the conversation follows:

Director of National Intelligence James Clapper has said it's not realistic nor would he want to listen to everyone's communications, so what can be done with all these phone records that the NSA is collecting?

The distinction here is metadata versus content. It’s like when you get physical snail mail, it has a certain shape, weight and type of envelope, and an address and a return address and a stamp and usually a date and routing numbers. And it’s going to a particular mailbox at a particular address—that’s all metadata. The content is what’s inside the envelope. In a digital space the metadata is always associated with content. The content would be the actual phone call—the conversation. The fact is the metadata is far more valuable to them because it gives them an index of everything. If they want to, the data is available and the capability exists to store it, then later they can access the content as well with a warrant. You can learn a tremendous amount about people by looking at the metadata…phone records include location information. At that level you can track them as well and know who they speak with, the time of day and all of that. By definition a phone number is always associated with somebody or some business—believe me, subscribers all have names. Think of the White Pages; the White Pages equal metadata. If I store that, that gives the government a phenomenal power in secret to track all kinds of information about a person without going to content.

With all that data, it would take tremendous resources to scour that information even before we get to content. So how do you know what to look for?

Patterns. Signatures. Profiling. That’s where it gets pernicious in secret; that’s when they may decide to look at content as well. But metadata even without content already tells you a lot of information. Metadata gives meaning to content. What does NSA need with a 100 million phone records? We are losing the foundation of innocence until proven guilt. The assumption of innocence no longer exists in a surveillance state…we are all foreigners now. To me that’s crossing over into a form of governance that is a clear violation of the Fourth Amendment. We are eroding a foundational part of this country. The important distinction is the law that exists right now allows the government with some [limitations—] at least on paper—to collect all meta-data without any particularized suspicion on someone without getting a warrant for someone. To get content you would need a warrant. The technology is such that the distinction between metadata and content is largely losing its distinction simply because all digital content by definition has metadata associated with it. You can strip off the metadata to do the analysis...but then when you want to, because you already have the data, even if you didn’t have probable cause to do it, you can get into the content.

Based on your experience, talk to me about Snowden’s decision to turn himself in. Would it have been possible for Snowden to hide out?

He exposed himself, which is one of the unique things here. Once you are flagged though, even if he hadn’t turned himself in…the system is so vast in terms of your digital footprint it wouldn’t have taken long to find him…Could he totally go off the grid and disappear? The system itself would have been alerted. He would have had less time to hide out if he had not gone overseas even if he had not exposed himself. He clearly made a preemptive decision…if he went overseas as a U.S. citizen they can’t grab you off the street the next day though he has indicated in interviews he is concerned about rendition. Leaving creates another barrier. It buys him time to make other arrangements in terms of seeking asylum.

Could cyber hackers have obtained the information that these programs existed through data-mining efforts?

Probably not. Those systems are extraordinarily well-protected. It’s very difficult to hack in, especially to the top secret ones. That’s why you have never seen a Foreign Intelligence Surveillance Act court order in public. This is the first one to my knowledge. The classification system is so high it has special protections. It takes someone with access and knowledge to make that fateful decision that it’s in the best interests of the public to have access to that type of information and free it.

From your experience, how do you think the NSA will come after Snowden?

With everything they’ve got.

So do you think they will use the same playbook they used with you—charging Snowden under the Espionage Act?

Yes. It will probably be very similar, there’s no question. I was never actually charged with leaking or disclosing. I was actually charged for retention of unauthorized documents.

What could someone like Snowden do—for a career—after this kind of security breach?

He will have to have an attorney shield him and protect him as best as he can. The government always has a choice in the matter; they can open a case and never prosecute. I suspect they will throw everything they had after him. He will have a heck of a time as I did…I found part-time work but I made far less than before; you are blacklisted. Your clearance is no longer valid so you can’t work in government and people think you can’t be trusted. It will probably be a whole different line of work for him at least in the near or mid-term as it certainly was for me. For a long time I had no income. He knew that there would be serious consequences when he made the fateful decision to turn this information over to the press.

If I may ask, what do you do now?

I work full-time at an Apple retail store.

In an environment where Wikileaks is currently in the headlines, and now this, do you think this will change the way Americans approach security questions?

Just since my criminal case ended with one year of probation and community service, this is the most media attention I’ve had by far. I can’t even get to all my emails right now; it’s extraordinarily overwhelming. That tells me that for now this story has legs and people are discussing what are civil liberties versus surveillance and questioning how far they can erode our liberties for the sake of surveillance. The question is do Americans care enough and it looks like we’re having that debate now and I hope that it sustains itself, that’s certainly my wish.


From what we know so far, Edward Snowden appears to be the ultimate unmediated man. Though obviously terrifically bright, he could not successfully work his way through the institution of high school. Then he failed to navigate his way through community college.

According to The Washington Post, he has not been a regular presence around his mother’s house for years. When a neighbor in Hawaii tried to introduce himself, Snowden cut him off and made it clear he wanted no neighborly relationships. He went to work for Booz Allen Hamilton and the C.I.A., but he has separated himself from them, too.

Though thoughtful, morally engaged and deeply committed to his beliefs, he appears to be a product of one of the more unfortunate trends of the age: the atomization of society, the loosening of social bonds, the apparently growing share of young men in their 20s who are living technological existences in the fuzzy land between their childhood institutions and adult family commitments.

If you live a life unshaped by the mediating institutions of civil society, perhaps it makes sense to see the world a certain way: Life is not embedded in a series of gently gradated authoritative structures: family, neighborhood, religious group, state, nation and world. Instead, it’s just the solitary naked individual and the gigantic and menacing state.

This lens makes you more likely to share the distinct strands of libertarianism that are blossoming in this fragmenting age: the deep suspicion of authority, the strong belief that hierarchies and organizations are suspect, the fervent devotion to transparency, the assumption that individual preference should be supreme. You’re more likely to donate to the Ron Paul for president campaign, as Snowden did.

It’s logical, given this background and mind-set, that Snowden would sacrifice his career to expose data mining procedures of the National Security Agency. Even if he has not been able to point to any specific abuses, he was bound to be horrified by the confidentiality endemic to military and intelligence activities. And, of course, he’s right that the procedures he’s unveiled could lend themselves to abuse in the future.

But Big Brother is not the only danger facing the country. Another is the rising tide of distrust, the corrosive spread of cynicism, the fraying of the social fabric and the rise of people who are so individualistic in their outlook that they have no real understanding of how to knit others together and look after the common good.

This is not a danger Snowden is addressing. In fact, he is making everything worse.

For society to function well, there have to be basic levels of trust and cooperation, a respect for institutions and deference to common procedures. By deciding to unilaterally leak secret N.S.A. documents, Snowden has betrayed all of these things.

He betrayed honesty and integrity, the foundation of all cooperative activity. He made explicit and implicit oaths to respect the secrecy of the information with which he was entrusted. He betrayed his oaths.

He betrayed his friends. Anybody who worked with him will be suspect. Young people in positions like that will no longer be trusted with responsibility for fear that they will turn into another Snowden.

He betrayed his employers. Booz Allen and the C.I.A. took a high-school dropout and offered him positions with lavish salaries. He is violating the honor codes of all those who enabled him to rise.

He betrayed the cause of open government. Every time there is a leak like this, the powers that be close the circle of trust a little tighter. They limit debate a little more.

He betrayed the privacy of us all. If federal security agencies can’t do vast data sweeps, they will inevitably revert to the older, more intrusive eavesdropping methods.

He betrayed the Constitution. The founders did not create the United States so that some solitary 29-year-old could make unilateral decisions about what should be exposed. Snowden self-indulgently short-circuited the democratic structures of accountability, putting his own preferences above everything else.

Snowden faced a moral dilemma. On the one hand, he had information about a program he thought was truly menacing. On the other hand, he had made certain commitments as a public servant, as a member of an organization, and a nation. Sometimes leakers have to leak. The information they possess is so grave that it demands they violate their oaths.

But before they do, you hope they will interrogate themselves closely and force themselves to confront various barriers of resistance. Is the information so grave that it’s worth betraying an oath, circumventing the established decision-making procedures, unilaterally exposing secrets that can never be reclassified?

Judging by his comments reported in the news media so far, Snowden was obsessed with the danger of data mining but completely oblivious to his betrayals and toward the damage he has done to social arrangements and the invisible bonds that hold them together.

Sunday show obsessives got a bit of a Father's Day treat on Sunday: Dick Cheney on Fox News Sunday with Chris Wallace to talk about, among other things, the NSA data collection program. In something of a Greatest Hits interview, the former vice president threw everything he has behind government surveillance. And, despite looking a bit rusty when his cell phone went off on air, he's still got it.

The interview kicked off with Cheney, who was introduced by Wallace as "the driving force behind increased government surveillance" in the Bush administration, calling leaker Edward Snowden a "traitor," and insinuating that he may have had help from within the NSA. Asked if Snowden was spying on behalf of China, the former vice president said he was "deeply suspicious," and that the U.S. will "need to be really aggressive" with China to extradite Snowden.

Cheney also pushed aside Sen. Rand Paul's reservations about the NSA program that he made on Fox News Sunday last week. When asked why the NSA has to "vacuum up" information on ordinary citizens, Cheney laughed off the suggestion, saying that "it's just a big bag of numbers that has been collected." And, getting right into the swing of being back defending government surveillance, Cheney slipped into the first-person plural: "The allegation is not that we get all this personal information on Aunt Fanny or Chris Wallace, that's not the way it works." Cheney also took some ownership—or at least authorship—of the data-collection, saying that he "worked with [former Director of National Intelligence] Mike Hayden when we set this program up."

And while the former vice-president had many nice things to say about the "fine" men leading the NSA, he had no kind words for the president. "I don't pay attention, frankly, to a lot of what Barack Obama says...I'm obviously not a fan." He also said that President Obama is "dead wrong" in suggesting that the War on Terror is winding down, and that "in terms of credibility, I don't think he has credibility."

And, just for good measure, Cheney threw in his two cents on the IRS scandal: "One of the worst abuses of power imaginable."

If Cheney wasn't enough for your Father's Day morning, you were in luck. As the former vice-president exited, Karl Rove entered the show's panel to talk Syria. Because what better way is there to spend Father's Day than to pretend it's still 2005. *****

http://www.osc.gov/Intro.htm

Introduction to OSC

Who We Are

The U.S. Office of Special Counsel (OSC) is an independent federal investigative and prosecutorial agency. Our basic authorities come from four federal statutes: the Civil Service Reform Act, the Whistleblower Protection Act, the Hatch Act, and the Uniformed Services Employment & Reemployment Rights Act (USERRA).

Our Mission

OSC’s primary mission is to safeguard the merit system by protecting federal employees and applicants from prohibited personnel practices, especially reprisal for whistleblowing. For a description of prohibited personnel practices (PPPs), click here.

What We Do

PPPs & Whistleblower Protection

OSC receives, investigates, and prosecutes allegations of PPPs, with an emphasis on protecting federal government whistleblowers. OSC seeks corrective action remedies (such as back pay and reinstatement), by negotiation or from the Merit Systems Protection Board (MSPB), for injuries suffered by whistleblowers and other complainants. OSC is also authorized to file complaints at the MSPB to seek disciplinary action against individuals who commit PPPs. For more information on how we process PPP complaints, click here.

Disclosure Unit

OSC provides a secure channel through its Disclosure Unit for federal workers to disclose information about various workplace improprieties, including a violation of law, rule or regulation, gross mismanagement and waste of funds, abuse of authority, or a substantial danger to public health or safety. For more information on our Disclosure Unit, click here.

Hatch Act Unit (Political Activity)

OSC promotes compliance by government employees with legal restrictions on political activity by providing advisory opinions on, and enforcing, the Hatch Act. Every year, OSC’s Hatch Act Unit provides over a thousand advisory opinions, enabling individuals to determine whether their contemplated political activities are permitted under the Act.

Hatch Act Unit also enforces compliance with the Act. Depending on the severity of the violation, OSC will either issue a warning letter to the employee, or prosecute a violation before MSPB. For more information on our Hatch Act Unit, click here.

Uniformed Services Employment and Reemployment Rights Act (Veterans’ Rights)

OSC protects the civilian employment and reemployment rights of military veterans and members of the Guard and Reserve by enforcing the Uniformed Services Employment and Reemployment Rights Act (USERRA). For more information about our USERRA program, click here.

Employee Information Programs

Section 2302(c) of title 5 of the U.S. Code makes agency heads and officials with personnel authority responsible (in consultation with OSC) for informing federal employees of their rights and remedies under chapters 12 and 23 of title 5. These chapters deal with prohibited personnel practices, whistleblower disclosures, political activity, and access to OSC and MSPB.

OSC endeavors to assist agencies in carrying out their employee information responsibilities, including by the development of a general guide to federal employee rights and remedies under title 5. Click here for web and PDF versions of this resource.

Let me ask a serious question. We all know the type of person David Axelrod is. We know that he was responsible for the release of information on a candidate the ONE ran against. I think Doug posted about that an opponent's private divorce information was "leaked".

Does anyone here think Axelrod and the rest of his crew would not seek, and collect, and sort, and use any data against any adversary they could from information collected either by government agencies, or the private corporations themselves who collect such information? Does anyone think just for the sake of an example, a person who has great power with a multibillion dollar corporation who plays the fascist game as well as anyone, with the initials JI associated with a company with the initials GE would not be willing to share say something of use politically to Axelrod in exchange for some government policy or agency preferential treatment, or other payoff? Anyone who would say that Axelrod as well as any countless politicians could be trusted is, how can I say this as nicely as possible, mistaken:

“I don’t think it ever should have been made secret,” Kelly said today, breaking ranks with US law-enforcement officials.

His blast came days after the Obama administration and Attorney General Eric Holder outraged New York officials by endorsing a federal monitor for the NYPD.

Kelly appeared to firmly reject Holder’s claim that disclosure of the monitoring campaign seriously damaged efforts to fight terrorism.

“I think the American public can accept the fact if you tell them that every time you pick up the phone it’s going to be recorded and it goes to the government,” Kelly said. “I think the public can understand that. I see no reason why that program was placed in the secret category.”

“Secondly, I think if you listen to Snowden, he indicates that there’s some sort of malfeasance, people . . . sitting around and watching the data. So I think the question is: What sort of oversight is there inside the [National Security Agency] NSA to prevent that abuse, if it’s taking place?”

Kelly has been on the receiving side of this kind of criticism.

The NYPD secretly spied on Muslim organizations, infiltrated Muslim student groups and videotaped mosque-goers in New Jersey for years, it was revealed in 2012. The NYPD said its actions were lawful and necessary to keep the city safe.

After the vast federal phone-Internet monitoring program was revealed, President Obama said he had struck the right balance between ensuring security and protecting privacy.

But yesterday, Kelly indicated Obama was wrong.

“I think we can raise people’s comfort level if in fact information comes out as to that we have these controls and these protections inside the NSA,” he said.

Allies of Kelly viewed his criticism as payback for Holder’s decision to recommend — at the 11th hour of a controversial court case — that a federal monitor oversee the NYPD’s stop-and-frisk program.

“Everything that Ray Kelly does has a purpose,” said City Council Public Safety Chairman Peter Vallone Jr. (D-Queens). “If Eric Holder wants to lecture Police Commissioner Kelly on how to fight crime in New York, then one of the world’s foremost experts on public safety [Kelly] can lecture Holder on how to fight terrorism.”

Holder and other law-enforcement officials have trashed Snowden and his claim about out-of-control government snooping.

Kelly said of the leaker:

“He tried to give the impression, it seems to me, that these system administrators had carte blanche to do what they wanted to do,” he said. “I think it’s a problem if that’s in fact what’s happening.”

New York Post


I am just beginning to get up to speed on this. I find my thinking rather muddled at present and what follows should be taken as merely some initial random impressions:

On the Chris Wallace show this week after the Cheney interview it seemed generally accepted (by Brit Hume, Jane Harman-- former congresswoman on the intel committee--, Karl Rove, Juan Williams) that this program was in the public record in 2006. It was asserted that to go past the metadata that FISA court search warrants were necessary and that there have been about 300 warrants granted (this year? total?)

I cannot find an acceptable reason for Snowden to be divulging our/British spying on foreign leaders at a G8 conference to the Chinese. Apparently he is giving more to the Chinese as well. This sure seems like treason to me.

Well Levin asks why do we need government to compile their own metadata when the privates are already snooping on us and they can get warrants to get data from them?

I don't buy we are safer. I don't buy government or some of its people will not use data for its own purposes and that this is not just a slippery slope but history tells us lack of transparency with the excuse of national security will by default of human nature to abuse.

I am shocked at the reaction at many on the right. Levin (I don't always agree with) asks how can freedom lovers defend this.

To me Snowden is a hero. There is absolutely no other avenue for him to express his concerns.

Just for kicks this doesn't just apply to computers. Copy machines can turn on mysteriously in the middle of the night. Indeed I think they can be used as back doors into computers:

****

Sharyl Attkisson Shares Update On Computer Hacking Investigation

June 17, 2013 2:22 PM

Reporting Dom Giordano

PHILADELPHIA (CBS) — Just days after CBS News confirmed that reporter Sharyl Attkisson’s computer had indeed been hacked, Attkisson spoke to Dom Giordano about the investigation.

“This suspicious activity has been going on for quite some time – both on my CBS computer and my personal computer,” Attkisson said. “CBS then hired its own independent cyber security firm, which has been conducting a thorough forensic exam … they were able to rule out malware, phishing programs, that sort of thing.”

Attkisson described some of the bizarre things that were happening with her computer.

“There were just signs of unusual happenings for many months, odd behavior like the computers just turning themselves on at night and then turning themselves back off again. I was basically able to verify and obtain information from my sources on the suspicious activity and I reported it to CBS News in January because of course it included CBS equipment and systems.”

Attkisson could not speak about whether the hacking was related to her questions about Benghazi because of “legal counsel,” but she did say her work at that time was primarily on the occurrence.

“Whoever was in my work computer, the only thing I was working on were work-related things with CBS were big stories I guess during the time period in questions were I guess Benghazi and ‘Fast and Furious.’ The intruders did have access to personal information including passwords to my financial accounts and so on, but didn’t tamper with those, so they weren’t interested in stealing my identity or doing things to my finances. So people can decide on their own what they might have been trying to do in there.”

When asked how she felt about being hacked, Attkisson had this to say:

“Even apart from this specific incident with my computers … I operate as though someone is looking at what I do, just because that’s the safest thing,” Attkisson said. “While it’s upsetting to have that sort of intrusion done, it’s also not that unexpected.”

Attkisson also confirmed that the investigation is still ongoing, and that she still has questions about the way the Benghazi incident was handled.

“We’re continuing to move forward aggressively, CBS News takes this very seriously, as do I. I think whenever an unauthorized party comes into the home of an American, whether it’s any private citizen or journalist and gets in their house, searches their computers — these are computers my family uses — and they’re inserting or removing material for whatever their reasons are, I think that’s a really serious and disturbing matter and we’re gonna follow it up and keep pursuing it.”

a) "Well Levin asks why do we need government to compile their own metadata when the privates are already snooping on us and they can get warrants to get data from them?"

"I don't buy we are safer. I don't buy government or some of its people will not use data for its own purposes and that this is not just a slippery slope but history tells us lack of transparency with the excuse of national security will by default of human nature to abuse."

These seem like good points.

b) Still, why is Snowden giving stuff to the Chinese? Why divulge that the Brits were listening in to foreign leaders at a conference?

Despite last week's somewhat tinfoil-hatted G-File, I've actually been pretty careful about not locking into a position on the substance of the NSA story because I've had the sense from the beginning that there's just too much we don't know yet. That said, here are some partial conclusions I've come to over the last week.

First, James Clapper simply lied to Congress. I understand why he did. But from what I can tell, most of the people who lie to Congress do so for what they think are good reasons (Lois Lerner is an exception to that rule). That Clapper was unprepared to answer that question in a way that wasn't objectively deceitful amounts to gross malpractice.

Edward Snowden is fishier than the Frying Dutchman's All-You-Can-Eat Seafood Buffet. I'm not saying he's a Chinese agent or anything. Or, better said, I'm not saying he revealed all of this stuff as an agent of the Chinese. He might be auditioning for the position now. After all, you kind of lose some street cred when you bitch about the evil of the surveillance state and a lack of transparency and then set up shop in China. It's sort of like quitting your job as a lighting technician at the Mickey Mouse Club because you don't approve of the lax moral standards and then applying for a job at the Spearmint Rhino. Regardless, I think he's pretty clearly lying about what he was able to do as a cog in the NSA machine. He says he had the "authorities" to read anyone's e-mail, including the president's. I call shenanigans on this -- or at least the experts I've talked to do. It's unclear he even had the capability, which is a very different thing than the authority. I have the capability to drive my car through the window of a crowded Chipotle Mexican Grill and proclaim, "I came here to do two things: Chew gum and eat burritos, and I'm all out of gum!" That doesn't mean I have the authority to do such a thing.

This brings us to a really important distinction in all this: Existence vs. Abuse. I am coming around to the view that the program as it exists isn't necessarily outrageous on the merits. As far as we know so far, Snowden hasn't revealed any actual abuses of the program. And his hints about abuses are like bad pretzels: impossible to swallow without a lot of grains of salt. Now, you can argue that the existence of the program itself is, uh, itself an outrage. I have many friends who think this. I am truly torn on this question.

But you know what else is outrageous? The nuclear bomb. It's a barbaric weapon that can do a lot more damage than scanning your metadata. But like it or not, in a world where nuclear weapons exist, it's necessary for us to have nuclear weapons. The fact that they are horrible things doesn't mean we should get rid of them, it means that we should A) try really hard to keep our enemies from getting them and, more relevant, B) implement protocols that reassure people they won't be misused. Americans don't worry -- that much, at least -- about some bad actor in the White House or military launching a nuke on Trenton, N. J., and not just because the result would arguably be an improvement. We all understand that there are a whole bunch of hoops you have to jump through just to launch one of those suckers. First, there's the paperwork. Then, your boss needs to get the order and his boss needs the order and all the way up and down the chain there are codes and redundancies until those two dudes have to turn the keys at the same time.

We know this mostly from Hollywood, of course. Which brings me to the last point. It would be in America's interest for the government to reassure people in the exact same way. No, I don't mean the government should make some bad movies about incredibly conscientious NSA spooks, but the government needs to get the reassurances sufficiently out there that they become fodder for the popular culture. To the extent there have been any movies and TV shows about NSA-CIA domestic snooping and evil-doing, they all make it seem like it's really easy for Alec Baldwin to get all up in your business like Frank Oz's hand inside Yoda. In the Bourne movies, all you've got to do is say the wrong word into your cell phone and the next thing you know some Monty Python dudes are knocking on your door asking for your liver, or something like that.

The problem with the nuclear-bomb analogy is that super-secret spying by keystroke is by its nature invisible. If someone drops a nuke by accident, odds are even the Today Show would lead with that over, say, Kim Kardashian's latest Facebook update about her irritable-bowel-syndrome diet. That's why the government needs to be a lot more transparent about this stuff. Now, my friends say that more transparency will make it harder to fight terrorists. To which I say, "Well, okay." Lots of things make it more difficult to fight terrorism. A few that come to mind: The First Amendment, the Fourth Amendment, posse comitatus rules, the moral, legal, and cultural strictures against indiscriminately flinging nuclear weapons at the Middle East, etc. Rand Paul makes a sound point when he says things would be easier for the watchmen if we simply installed microchips in everyone. That alone is not a boffo argument for doing so. I'm open to compromise here, but when a majority of the American people think the government will use these tools to harass political opponents, the government has an obligation to clear the air and reassure their bosses (and, in case you didn't read the American User Agreement called "the Constitution," that's us). If that makes things more difficult, well, that's too bad.

"I cannot find an acceptable reason for Snowden to be divulging our/British spying on foreign leaders at a G8 conference to the Chinese. Apparently he is giving more to the Chinese as well. This sure seems like treason to me."

To My Congressional Colleagues: Stop the NSA Grandstanding

Members have had ample opportunity to learn about these valuable programs.

By DAN COATS

Last week, Edward Snowden, a National Security Agency contractor, attempted to make a political point by leaking several documents that have seriously harmed America's ability to identify and respond to terrorist threats. As damaging as Mr. Snowden's disclosures are to public safety, I am also troubled by the decision of several members of Congress to mischaracterize this leak to advance their personal and political agendas.

I don't blame citizens for their concern about these secretive NSA programs. Personal privacy and civil liberties are important to all Americans and are protected by the Constitution. Unfortunately, the Obama administration—especially of late—has fueled people's distrust of government, which has made the reaction to Mr. Snowden's leak far worse.

The recent IRS scandal, U.S. Attorney General Eric Holder's contradictory statements regarding his role in the Justice Department's investigations into journalists, and the administration's inadequate and inconsistent responses to the attacks on our diplomatic facilities in Benghazi, Libya, are just a few examples of how the Obama administration has widened the trust deficit plaguing the country.

Though it is more difficult to quantify than the fiscal deficit, the trust deficit is just as profound, providing plenty of reason for many Americans to believe reports about the NSA's intrusiveness in their private lives. Fortunately, the reports are almost uniformly distorted or false.

Following the attacks of Sept. 11, 2001, the American people demanded that the intelligence community be able to "connect the dots" to prevent terrorist attacks. Had the recently revealed programs been available to the NSA before 9/11, we likely could have identified some or all of the hijackers before they murdered thousands.

Twelve years later, the intelligence community is doing exactly what the American people asked for. The counterterrorism programs revealed last week have helped to thwart dozens of terrorist attacks. In one case, these programs identified a connection between al Qaeda terrorists in Pakistan and Najibullah Zazi, an al Qaeda operative in Colorado. This enabled the FBI to stop Zazi and his associates from detonating explosives in the New York City subway system.

These programs represent some of the most effective means available to protect the country from terrorist organizations like al Qaeda. Leaking this information only degrades our ability to prevent attacks. It compromises our sources and gives terrorists critical information on how we monitor their activities.

When I asked NSA Director Gen. Keith B. Alexander about the consequences of Mr. Snowden's leaks during a recent Senate hearing, he replied: "If we tell terrorists every way we track them, they will get through, and people will die." Mr. Snowden apparently did not share that concern or did not care.

Mr. Snowden was wrong about key details of these programs, and the press, blogs and members of Congress from both parties have echoed his distortions. For the record: The government is not and cannot indiscriminately listen in on Americans' phone calls or target their emails. It is not collecting the content of conversations or even their location under these programs. For instance, the only telephone data collected is the time of the call, the phone numbers involved and the length of the call. That is how we connect the dots and identify links between international terrorists and their collaborators within the United States. All of this is done under the supervision of the nation's top federal judges, senior officials across several different federal agencies and Congress.

These programs are legal, constitutional and used only under the strict oversight of all three branches of the government, including a highly scrutinized judicial process. Furthermore, members of both political parties review, audit and authorize all activities under the Foreign Intelligence Surveillance Act. As a member of the Senate Intelligence Committee, I can attest that few issues garner more of our attention than the oversight of these programs.

Elected officials have a duty to the American people to engage in an informed and honest debate. So it troubles me that some of my colleagues in Congress are engaging in disingenuous outrage when they were given ample opportunity to learn more, ask questions and even vote against these programs. Mischaracterizing national-security programs for political gain is irresponsible and has the potential to weaken the country's defenses. Members of Congress must remain vigilant in the face of misleading information about the substance and utility of our counterterrorism activities.

As a result of these leaks and subsequent spread of misinformation, the federal government faces a Catch-22. The administration must disclose more information about the use of these programs to regain the people's trust and ensure the protection of civil liberties, but doing so also compromises the programs. As the NSA chief said in his recent testimony, "Everything depends on trust. . . . We do not see a trade-off between security and liberty. It is not a choice, and we can and must do both simultaneously."

The government's interest in carrying out these programs is the most compelling imaginable: an enduring defense against terrorist attacks that could take thousands of innocent lives. I have no doubt that returning to a pre-9/11 security posture will make this country less safe. A majority of Americans agree, and their support is likely to grow as sensationalism and fear are replaced with facts.

Sen. Coats is a Republican from Indiana and a member of the Senate Intelligence Committee.

The Russians handed us the Boston bombers and yet we now have a new group of amputees in Boston. A US Army major was chatting about jihad with an al qaeda cleric in Yemen and it took the DoD cops to stop his "workplace violence" episode.

We were tipped off about the underwear bomber, yet it was only ineptitude that saved that flight.

Good thing the FBI is no longer keeping an eye on mosques (I do have this right, yes?) and is now relying upon CAIR , , ,

There is also the matter of Baraq and his minions perpetually portraying the Tea Party as the moral equivalent to AQ , , , one might even get the idea that they want to use these capabilities against us , , , but that would be against the law , , , wouldn't it? , , ,